tls_sign_misc.c
Go to the documentation of this file.
1 /**
2  * @file tls_sign_misc.c
3  * @brief Helper functions for signature generation and verification
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2022-2026 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneIPSEC Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.6.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
33 
34 //Dependencies
35 #include "tls/tls.h"
36 #include "tls/tls_cipher_suites.h"
37 #include "tls/tls_sign_misc.h"
38 #include "tls/tls_misc.h"
39 #include "debug.h"
40 
41 //Check TLS library configuration
42 #if (TLS_SUPPORT == ENABLED)
43 
44 //List of supported signature algorithms
45 const uint16_t tlsSupportedSignAlgos[] =
46 {
76 };
77 
78 
79 /**
80  * @brief Select the algorithm to be used when generating digital signatures
81  * @param[in] context Pointer to the TLS context
82  * @param[in] cert End entity certificate
83  * @param[in] signAlgoList List of signature/hash algorithm pairs offered by
84  * the peer
85  * @return Error code
86  **/
87 
89  const TlsSignSchemeList *signAlgoList)
90 {
91  error_t error;
92 
93  //Initialize status code
94  error = NO_ERROR;
95  //Default signature algorithm
96  context->signScheme = TLS_SIGN_SCHEME_NONE;
97 
98 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
99  //TLS 1.0 or TLS 1.1 currently selected?
100  if(context->version <= TLS_VERSION_1_1)
101  {
102  //Check certificate type
103  if(cert->type != TLS_CERT_RSA_SIGN &&
104  cert->type != TLS_CERT_DSS_SIGN &&
105  cert->type != TLS_CERT_ECDSA_SIGN)
106  {
107  error = ERROR_HANDSHAKE_FAILED;
108  }
109  }
110  else
111 #endif
112 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
113  //TLS 1.2 or TLS 1.3 currently selected?
114  if(context->version >= TLS_VERSION_1_2)
115  {
116  uint_t i;
117  uint_t n;
118  uint16_t signScheme;
119 
120  //Check whether the peer has provided a list of supported signature
121  //algorithms
122  if(signAlgoList != NULL)
123  {
124  //Any preferred preferred signature algorithms?
125  if(context->numSupportedSignAlgos > 0)
126  {
127  //Loop through the list of allowed signature algorithms (most
128  //preferred first)
129  for(i = 0; i < context->numSupportedSignAlgos; i++)
130  {
131  //Get current signature algorithm
132  signScheme = context->supportedSignAlgos[i];
133 
134  //Check whether the signature algorithm is offered by the peer
135  if(tlsIsSignAlgoOffered(signScheme, signAlgoList))
136  {
137  //The signature algorithm must be compatible with the key in
138  //the end-entity certificate (refer to RFC 5246, section 7.4.3)
139  if(tlsIsSignAlgoAcceptable(context, signScheme, cert))
140  {
141  //Check whether the signature algorithm is supported
142  if(tlsIsSignAlgoSupported(context, signScheme))
143  {
144  context->signScheme = (TlsSignatureScheme) signScheme;
145  break;
146  }
147  }
148  }
149  }
150  }
151  else
152  {
153  //Retrieve the number of items in the list
154  n = ntohs(signAlgoList->length) / sizeof(uint16_t);
155 
156  //Loop through the list of signature algorithms offered by the peer
157  for(i = 0; i < n; i++)
158  {
159  //Each SignatureScheme value lists a single signature algorithm
160  signScheme = ntohs(signAlgoList->value[i]);
161 
162  //The signature algorithm must be compatible with the key in the
163  //end-entity certificate (refer to RFC 5246, section 7.4.3)
164  if(tlsIsSignAlgoAcceptable(context, signScheme, cert))
165  {
166  //Check whether the signature algorithm is supported
167  if(tlsIsSignAlgoSupported(context, signScheme))
168  {
169  context->signScheme = (TlsSignatureScheme) signScheme;
170  break;
171  }
172  }
173  }
174  }
175  }
176  else
177  {
178  //TLS 1.2 clients may omit the SignatureAlgorithms extension
179  if(context->version == TLS_VERSION_1_2)
180  {
181  //Check certificate type
182  if(cert->type == TLS_CERT_RSA_SIGN)
183  {
184  //If the negotiated key exchange algorithm is one of RSA,
185  //DHE_RSA, DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA, behave as if
186  //client had sent the value {sha1,rsa}
187  signScheme = TLS_SIGN_SCHEME(TLS_SIGN_ALGO_RSA,
189  }
190  else if(cert->type == TLS_CERT_DSS_SIGN)
191  {
192  //If the negotiated key exchange algorithm is one of DHE_DSS,
193  //DH_DSS, behave as if the client had sent the value {sha1,dsa}
194  signScheme = TLS_SIGN_SCHEME(TLS_SIGN_ALGO_DSA,
196  }
197  else if(cert->type == TLS_CERT_ECDSA_SIGN)
198  {
199  //If the negotiated key exchange algorithm is one of ECDH_ECDSA,
200  //ECDHE_ECDSA, behave as if the client had sent value {sha1,ecdsa}
203  }
204  else
205  {
206  //Unknown certificate type
207  signScheme = TLS_SIGN_SCHEME_NONE;
208  }
209 
210  //Check whether the signature algorithm is supported
211  if(tlsIsSignAlgoSupported(context, signScheme))
212  {
213  context->signScheme = (TlsSignatureScheme) signScheme;
214  }
215  }
216  }
217 
218  //If no acceptable choices are presented, return an error
219  if(context->signScheme == TLS_SIGN_SCHEME_NONE)
220  {
221  error = ERROR_HANDSHAKE_FAILED;
222  }
223  }
224  else
225 #endif
226  //Invalid TLS version?
227  {
228  //Report an error
229  error = ERROR_INVALID_VERSION;
230  }
231 
232  //Return status code
233  return error;
234 }
235 
236 
237 /**
238  * @brief Format SignatureAlgorithms extension
239  * @param[in] context Pointer to the TLS context
240  * @param[in] p Output stream where to write the SignatureAlgorithms extension
241  * @param[out] written Total number of bytes that have been written
242  * @return Error code
243  **/
244 
246  size_t *written)
247 {
248  error_t error;
249  size_t n;
250 
251  //Initialize status code
252  error = NO_ERROR;
253 
254 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
255  //Check whether TLS 1.2 or TLS 1.3 is supported
256  if(context->versionMax >= TLS_VERSION_1_2)
257  {
258  TlsExtension *extension;
259 
260  //Add the SignatureAlgorithms extension
261  extension = (TlsExtension *) p;
262  //Type of the extension
263  extension->type = HTONS(TLS_EXT_SIGNATURE_ALGORITHMS);
264 
265  //The SignatureAlgorithms extension indicates which signature/hash
266  //algorithm pairs may be used in digital signatures
267  error = tlsFormatSupportedSignAlgos(context, extension->value, &n);
268 
269  //Check status code
270  if(!error)
271  {
272  //Fix the length of the extension
273  extension->length = htons(n);
274 
275  //Compute the length, in bytes, of the SignatureAlgorithms extension
276  n += sizeof(TlsExtension);
277  }
278  }
279  else
280 #endif
281  {
282  //This extension is not meaningful for TLS versions prior to 1.2.
283  //Clients must not offer it if they are offering prior versions (refer
284  //to RFC 5246, section 7.4.1.4.1)
285  n = 0;
286  }
287 
288  //Check status code
289  if(!error)
290  {
291  //Total number of bytes that have been written
292  *written = n;
293  }
294 
295  //Return status code
296  return error;
297 }
298 
299 
300 /**
301  * @brief Format SignatureAlgorithmsCert extension
302  * @param[in] context Pointer to the TLS context
303  * @param[in] p Output stream where to write the SignatureAlgorithmsCert extension
304  * @param[out] written Total number of bytes that have been written
305  * @return Error code
306  **/
307 
309  uint8_t *p, size_t *written)
310 {
311  size_t n = 0;
312 
313 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
314  //TLS 1.2 implementations should also process this extension
315  if(context->versionMax >= TLS_VERSION_1_2)
316  {
317  uint_t i;
318  TlsExtension *extension;
319  TlsSignSchemeList *signAlgoList;
320 
321  //Add the SignatureAlgorithmsCert extension
322  extension = (TlsExtension *) p;
323  //Type of the extension
324  extension->type = HTONS(TLS_EXT_SIGNATURE_ALGORITHMS_CERT);
325 
326  //The SignatureAlgorithmsCert extension allows an implementation to
327  //indicate which signature algorithms it can validate in X.509
328  //certificates
329  signAlgoList = (TlsSignSchemeList *) extension->value;
330 
331  //Enumerate the hash/signature algorithm pairs in descending order
332  //of preference
333  n = 0;
334 
335  //Loop through the list of supported signature algorithms
336  for(i = 0; i < arraysize(tlsSupportedSignAlgos); i++)
337  {
338  //Check whether the signature algorithm can be used for X.509
339  //certificate validation
341  {
342  //Add the current signature algorithm to the list
343  signAlgoList->value[n++] = htons(tlsSupportedSignAlgos[i]);
344  }
345  }
346 
347  //Compute the length, in bytes, of the list
348  n *= sizeof(uint16_t);
349  //Fix the length of the list
350  signAlgoList->length = htons(n);
351 
352  //Consider the 2-byte length field that precedes the list
353  n += sizeof(TlsSignSchemeList);
354  //Fix the length of the extension
355  extension->length = htons(n);
356 
357  //Compute the length, in bytes, of the SignatureAlgorithmsCert extension
358  n += sizeof(TlsExtension);
359  }
360 #endif
361 
362  //Total number of bytes that have been written
363  *written = n;
364 
365  //Successful processing
366  return NO_ERROR;
367 }
368 
369 
370 /**
371  * @brief Format the list of supported signature algorithms
372  * @param[in] context Pointer to the TLS context
373  * @param[in] p Output stream where to write the list of signature algorithms
374  * @param[out] written Total number of bytes that have been written
375  * @return Error code
376  **/
377 
379  size_t *written)
380 {
381 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
382  uint_t i;
383  size_t n;
384  uint_t numSupportedSignAlgos;
385  const uint16_t *supportedSignAlgos;
386  TlsSignSchemeList *signAlgoList;
387 
388  //The list contains the hash/signature algorithm pairs that the
389  //implementation is able to verify
390  signAlgoList = (TlsSignSchemeList *) p;
391 
392  //Any preferred preferred signature algorithms?
393  if(context->numSupportedSignAlgos > 0)
394  {
395  //Point to the list of preferred signature algorithms
396  supportedSignAlgos = context->supportedSignAlgos;
397  numSupportedSignAlgos = context->numSupportedSignAlgos;
398  }
399  else
400  {
401  //Point to the list of default signature algorithms
402  supportedSignAlgos = tlsSupportedSignAlgos;
403  numSupportedSignAlgos = arraysize(tlsSupportedSignAlgos);
404  }
405 
406  //Enumerate the hash/signature algorithm pairs in descending order of
407  //preference
408  n = 0;
409 
410  //Loop through the list of signature algorithms
411  for(i = 0; i < numSupportedSignAlgos; i++)
412  {
413  //Check whether the signature algorithm can be used in digital signature
414  if(tlsIsSignAlgoSupported(context, supportedSignAlgos[i]))
415  {
416  //Add the current signature algorithm to the list
417  signAlgoList->value[n++] = htons(supportedSignAlgos[i]);
418  }
419  }
420 
421  //Compute the length, in bytes, of the list
422  n *= sizeof(uint16_t);
423  //Fix the length of the list
424  signAlgoList->length = htons(n);
425 
426  //Total number of bytes that have been written
427  *written = n + sizeof(TlsSignSchemeList);
428 
429  //Successful processing
430  return NO_ERROR;
431 #else
432  //Not implemented
433  return ERROR_NOT_IMPLEMENTED;
434 #endif
435 }
436 
437 
438 /**
439  * @brief Check whether a signature algorithm is offered in the
440  * SignatureAlgorithms extension
441  * @param[in] signScheme Signature scheme
442  * @param[in] signSchemeList List of signature schemes
443  * @return TRUE if the signature algorithm is offered in the
444  * SignatureAlgorithms extension, else FALSE
445  **/
446 
447 bool_t tlsIsSignAlgoOffered(uint16_t signScheme,
448  const TlsSignSchemeList *signSchemeList)
449 {
450  uint_t i;
451  uint_t n;
452  bool_t found;
453 
454  //Initialize flag
455  found = FALSE;
456 
457  //Valid SignatureAlgorithms extension?
458  if(signSchemeList != NULL)
459  {
460  //Get the number of signature algorithms present in the list
461  n = ntohs(signSchemeList->length) / sizeof(uint16_t);
462 
463  //Loop through the list of signature algorithms offered in the
464  //SignatureAlgorithms extension
465  for(i = 0; i < n && !found; i++)
466  {
467  //Matching signature algorithm?
468  if(ntohs(signSchemeList->value[i]) == signScheme)
469  {
470  found = TRUE;
471  }
472  }
473  }
474 
475  //Return TRUE if the signature algorithm is offered in the
476  //SignatureAlgorithms extension
477  return found;
478 }
479 
480 
481 /**
482  * @brief Check whether a signature algorithm is compatible with the specified
483  * end-entity certificate
484  * @param[in] context Pointer to the TLS context
485  * @param[in] signScheme Signature scheme
486  * @param[in] cert End entity certificate
487  * @return TRUE if the signature algorithm is compatible, else FALSE
488  **/
489 
490 bool_t tlsIsSignAlgoAcceptable(TlsContext *context, uint16_t signScheme,
491  const TlsCertDesc *cert)
492 {
493  bool_t acceptable;
494 
495  //Initialize flag
496  acceptable = FALSE;
497 
498 #if (TLS_RSA_SIGN_SUPPORT == ENABLED)
499  //RSA certificate?
500  if(cert->type == TLS_CERT_RSA_SIGN)
501  {
502  //Check signature scheme
503  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_RSA)
504  {
505  //In TLS 1.3, RSASSA-PKCS1-v1_5 signature algorithms refer solely to
506  //signatures which appear in certificates and are not defined for use
507  //in signed TLS handshake messages
508  if(context->version <= TLS_VERSION_1_2)
509  {
510  acceptable = TRUE;
511  }
512  }
513  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256 ||
514  signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384 ||
516  {
517  //TLS 1.2 or TLS 1.3 currently selected?
518  if(context->version >= TLS_VERSION_1_2)
519  {
520  acceptable = TRUE;
521  }
522  }
523  else
524  {
525  //Just for sanity
526  }
527  }
528  else
529 #endif
530 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED)
531  //RSA-PSS certificate?
532  if(cert->type == TLS_CERT_RSA_PSS_SIGN)
533  {
534  //TLS 1.2 or TLS 1.3 currently selected?
535  if(context->version >= TLS_VERSION_1_2)
536  {
537  //Check signature scheme
538  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256 ||
539  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384 ||
541  {
542  acceptable = TRUE;
543  }
544  }
545  }
546  else
547 #endif
548 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
549  //DSA certificate?
550  if(cert->type == TLS_CERT_DSS_SIGN)
551  {
552  //TLS 1.3 removes support for DSA certificates
553  if(context->version <= TLS_VERSION_1_2)
554  {
555  //Check signature scheme
556  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_DSA)
557  {
558  acceptable = TRUE;
559  }
560  }
561  }
562  else
563 #endif
564 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED)
565  //ECDSA certificate?
566  if(cert->type == TLS_CERT_ECDSA_SIGN)
567  {
568  //Version of TLS prior to TLS 1.3?
569  if(context->version <= TLS_VERSION_1_2)
570  {
571  //Check signature scheme
572  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_ECDSA)
573  {
574  acceptable = TRUE;
575  }
576  }
577  else
578  {
579  //Check signature scheme against elliptic curve
580  if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256 &&
582  {
583  acceptable = TRUE;
584  }
585  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384 &&
587  {
588  acceptable = TRUE;
589  }
590  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512 &&
592  {
593  acceptable = TRUE;
594  }
595  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256 &&
597  {
598  acceptable = TRUE;
599  }
600  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384 &&
602  {
603  acceptable = TRUE;
604  }
605  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512 &&
607  {
608  acceptable = TRUE;
609  }
610  else
611  {
612  }
613  }
614  }
615  else
616 #endif
617 #if (TLS_SM2_SIGN_SUPPORT == ENABLED)
618  //SM2 certificate?
619  if(cert->type == TLS_CERT_SM2_SIGN)
620  {
621  //TLS 1.3 currently selected?
622  if(context->version == TLS_VERSION_1_3)
623  {
624  //Check signature scheme
625  if(signScheme == TLS_SIGN_SCHEME_SM2SIG_SM3)
626  {
627  acceptable = TRUE;
628  }
629  }
630  }
631  else
632 #endif
633 #if (TLS_ED25519_SIGN_SUPPORT == ENABLED)
634  //Ed25519 certificate?
635  if(cert->type == TLS_CERT_ED25519_SIGN)
636  {
637  //TLS 1.2 or TLS 1.3 currently selected?
638  if(context->version >= TLS_VERSION_1_2)
639  {
640  //Check signature scheme
641  if(signScheme == TLS_SIGN_SCHEME_ED25519)
642  {
643  acceptable = TRUE;
644  }
645  }
646  }
647  else
648 #endif
649 #if (TLS_ED448_SIGN_SUPPORT == ENABLED)
650  //Ed448 certificate?
651  if(cert->type == TLS_CERT_ED448_SIGN)
652  {
653  //TLS 1.2 or TLS 1.3 currently selected?
654  if(context->version >= TLS_VERSION_1_2)
655  {
656  //Check signature scheme
657  if(signScheme == TLS_SIGN_SCHEME_ED448)
658  {
659  acceptable = TRUE;
660  }
661  }
662  }
663  else
664 #endif
665 #if (TLS_MLDSA44_SIGN_SUPPORT == ENABLED)
666  //ML-DSA-44 certificate?
667  if(cert->type == TLS_CERT_MLDSA44_SIGN)
668  {
669  //TLS 1.3 currently selected?
670  if(context->version == TLS_VERSION_1_3)
671  {
672  //Check signature scheme
673  if(signScheme == TLS_SIGN_SCHEME_MLDSA44)
674  {
675  acceptable = TRUE;
676  }
677  }
678  }
679  else
680 #endif
681 #if (TLS_MLDSA65_SIGN_SUPPORT == ENABLED)
682  //ML-DSA-65 certificate?
683  if(cert->type == TLS_CERT_MLDSA65_SIGN)
684  {
685  //TLS 1.3 currently selected?
686  if(context->version == TLS_VERSION_1_3)
687  {
688  //Check signature scheme
689  if(signScheme == TLS_SIGN_SCHEME_MLDSA65)
690  {
691  acceptable = TRUE;
692  }
693  }
694  }
695  else
696 #endif
697 #if (TLS_MLDSA87_SIGN_SUPPORT == ENABLED)
698  //ML-DSA-87 certificate?
699  if(cert->type == TLS_CERT_MLDSA87_SIGN)
700  {
701  //TLS 1.3 currently selected?
702  if(context->version == TLS_VERSION_1_3)
703  {
704  //Check signature scheme
705  if(signScheme == TLS_SIGN_SCHEME_MLDSA87)
706  {
707  acceptable = TRUE;
708  }
709  }
710  }
711  else
712 #endif
713  //Unsupported certificate type?
714  {
715  //Just for sanity
716  }
717 
718  //Return TRUE is the signature algorithm is compatible with the key in the
719  //end-entity certificate
720  return acceptable;
721 }
722 
723 
724 /**
725  * @brief Check whether a signature algorithm can be used for digital signatures
726  * @param[in] context Pointer to the TLS context
727  * @param[in] signScheme Signature scheme
728  * @return TRUE if the signature algorithm is supported, else FALSE
729  **/
730 
731 bool_t tlsIsSignAlgoSupported(TlsContext *context, uint16_t signScheme)
732 {
733 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
734  uint_t i;
735  uint_t cipherSuiteTypes;
736  TlsHashAlgo hashAlgoId;
737  const HashAlgo *hashAlgo;
738 
739  //Hash algorithm used by the signature scheme
740  hashAlgoId = TLS_HASH_ALGO_NONE;
741 
742  //Check TLS version
743  if(context->version <= TLS_VERSION_1_2)
744  {
745  //Check current state
746  if(context->state == TLS_STATE_CERTIFICATE_REQUEST ||
747  context->state == TLS_STATE_CLIENT_CERTIFICATE_VERIFY)
748  {
749  cipherSuiteTypes = TLS_CIPHER_SUITE_TYPE_RSA |
751  }
752  else
753  {
754  cipherSuiteTypes = context->cipherSuiteTypes;
755  }
756  }
757  else
758  {
759  cipherSuiteTypes = context->cipherSuiteTypes;
760  }
761 
762 #if (TLS_RSA_SIGN_SUPPORT == ENABLED)
763  //RSASSA-PKCS1-v1_5 signature algorithm?
764  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_RSA)
765  {
766  //Any RSA cipher suite proposed by the client?
767  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
768  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
769  {
770  //Filter out hash algorithm
771  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_MD5 ||
772  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1 ||
773  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224 ||
774  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256 ||
775  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA384 ||
776  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA512)
777  {
778  //Check whether the hash algorithm is supported
779  if(tlsGetHashAlgo(TLS_HASH_ALGO(signScheme)) != NULL)
780  {
781  hashAlgoId = TLS_HASH_ALGO(signScheme);
782  }
783  }
784  }
785  }
786  else
787 #endif
788 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
789  //DSA signature algorithm?
790  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_DSA)
791  {
792  //Any DSA cipher suite proposed by the client?
793  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_DSA) != 0 ||
794  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
795  {
796  //Filter out hash algorithm
797  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1 ||
798  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224 ||
799  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256)
800  {
801  //Check whether the hash algorithm is supported
802  if(tlsGetHashAlgo(TLS_HASH_ALGO(signScheme)) != NULL)
803  {
804  hashAlgoId = TLS_HASH_ALGO(signScheme);
805  }
806  }
807  }
808  }
809  else
810 #endif
811 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED)
812  //ECDSA signature algorithm?
813  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_ECDSA)
814  {
815  //Any ECC cipher suite proposed by the client?
816  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECDSA) != 0 ||
817  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
818  {
819  //Filter out hash algorithm
820  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1 ||
821  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224 ||
822  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256 ||
823  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA384 ||
824  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA512)
825  {
826  //Check whether the hash algorithm is supported
827  if(tlsGetHashAlgo(TLS_HASH_ALGO(signScheme)) != NULL)
828  {
829  hashAlgoId = TLS_HASH_ALGO(signScheme);
830  }
831  }
832  }
833  }
834  else
835 #endif
836 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA256_SUPPORT == ENABLED)
837  //RSASSA-PSS RSAE signature algorithm with SHA-256?
838  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256)
839  {
840  //Any RSA cipher suite proposed by the client?
841  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
842  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
843  {
844  hashAlgoId = TLS_HASH_ALGO_SHA256;
845  }
846  }
847  else
848 #endif
849 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA384_SUPPORT == ENABLED)
850  //RSASSA-PSS RSAE signature algorithm with SHA-384?
851  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384)
852  {
853  //Any RSA cipher suite proposed by the client?
854  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
855  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
856  {
857  hashAlgoId = TLS_HASH_ALGO_SHA384;
858  }
859  }
860  else
861 #endif
862 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA512_SUPPORT == ENABLED)
863  //RSASSA-PSS RSAE signature algorithm with SHA-512?
864  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512)
865  {
866  //Any RSA cipher suite proposed by the client?
867  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
868  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
869  {
870  hashAlgoId = TLS_HASH_ALGO_SHA512;
871  }
872  }
873  else
874 #endif
875 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA256_SUPPORT == ENABLED)
876  //RSASSA-PSS PSS signature algorithm with SHA-256?
877  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256)
878  {
879  //Any RSA cipher suite proposed by the client?
880  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
881  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
882  {
883  //Check whether the X.509 library can parse RSA-PSS certificates
885  {
886  hashAlgoId = TLS_HASH_ALGO_SHA256;
887  }
888  }
889  }
890  else
891 #endif
892 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA384_SUPPORT == ENABLED)
893  //RSASSA-PSS PSS signature algorithm with SHA-384?
894  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384)
895  {
896  //Any RSA cipher suite proposed by the client?
897  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
898  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
899  {
900  //Check whether the X.509 library can parse RSA-PSS certificates
902  {
903  hashAlgoId = TLS_HASH_ALGO_SHA384;
904  }
905  }
906  }
907  else
908 #endif
909 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA512_SUPPORT == ENABLED)
910  //RSASSA-PSS PSS signature algorithm with SHA-512?
911  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512)
912  {
913  //Any RSA cipher suite proposed by the client?
914  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
915  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
916  {
917  //Check whether the X.509 library can parse RSA-PSS certificates
919  {
920  hashAlgoId = TLS_HASH_ALGO_SHA512;
921  }
922  }
923  }
924  else
925 #endif
926 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED && TLS_SHA256_SUPPORT == ENABLED && \
927  TLS_BRAINPOOLP256R1_SUPPORT == ENABLED)
928  //ECDSA signature algorithm with brainpoolP256 curve and SHA-256?
930  {
931  //Any TLS 1.3 cipher suite proposed by the client?
932  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
933  {
934  hashAlgoId = TLS_HASH_ALGO_SHA256;
935  }
936  }
937  else
938 #endif
939 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED && TLS_SHA384_SUPPORT == ENABLED && \
940  TLS_BRAINPOOLP384R1_SUPPORT == ENABLED)
941  //ECDSA signature algorithm with brainpoolP384 curve and SHA-384?
943  {
944  //Any TLS 1.3 cipher suite proposed by the client?
945  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
946  {
947  hashAlgoId = TLS_HASH_ALGO_SHA384;
948  }
949  }
950  else
951 #endif
952 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED && TLS_SHA512_SUPPORT == ENABLED && \
953  TLS_BRAINPOOLP512R1_SUPPORT == ENABLED)
954  //ECDSA signature algorithm with brainpoolP512 curve and SHA-512?
956  {
957  //Any TLS 1.3 cipher suite proposed by the client?
958  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
959  {
960  hashAlgoId = TLS_HASH_ALGO_SHA512;
961  }
962  }
963  else
964 #endif
965 #if (TLS_SM2_SIGN_SUPPORT == ENABLED)
966  //SM2 signature algorithm?
967  if(signScheme == TLS_SIGN_SCHEME_SM2SIG_SM3)
968  {
969  //Any ShangMi cipher suite proposed by the client?
970  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_SM) != 0)
971  {
972  hashAlgoId = TLS_HASH_ALGO_INTRINSIC;
973  }
974  }
975  else
976 #endif
977 #if (TLS_ED25519_SIGN_SUPPORT == ENABLED)
978  //Ed25519 signature algorithm?
979  if(signScheme == TLS_SIGN_SCHEME_ED25519)
980  {
981  //Any ECC cipher suite proposed by the client?
982  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECDSA) != 0 ||
983  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
984  {
985  hashAlgoId = TLS_HASH_ALGO_INTRINSIC;
986  }
987  }
988  else
989 #endif
990 #if (TLS_ED448_SIGN_SUPPORT == ENABLED)
991  //Ed448 signature algorithm?
992  if(signScheme == TLS_SIGN_SCHEME_ED448)
993  {
994  //Any ECC cipher suite proposed by the client?
995  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECDSA) != 0 ||
996  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
997  {
998  hashAlgoId = TLS_HASH_ALGO_INTRINSIC;
999  }
1000  }
1001  else
1002 #endif
1003 #if (TLS_MLDSA44_SIGN_SUPPORT == ENABLED)
1004  //ML-DSA-44 signature algorithm?
1005  if(signScheme == TLS_SIGN_SCHEME_MLDSA44)
1006  {
1007  //Any TLS 1.3 cipher suite proposed by the client?
1008  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
1009  {
1010  hashAlgoId = TLS_HASH_ALGO_INTRINSIC;
1011  }
1012  }
1013  else
1014 #endif
1015 #if (TLS_MLDSA65_SIGN_SUPPORT == ENABLED)
1016  //ML-DSA-65 signature algorithm?
1017  if(signScheme == TLS_SIGN_SCHEME_MLDSA65)
1018  {
1019  //Any TLS 1.3 cipher suite proposed by the client?
1020  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
1021  {
1022  hashAlgoId = TLS_HASH_ALGO_INTRINSIC;
1023  }
1024  }
1025  else
1026 #endif
1027 #if (TLS_MLDSA87_SIGN_SUPPORT == ENABLED)
1028  //ML-DSA-87 signature algorithm?
1029  if(signScheme == TLS_SIGN_SCHEME_MLDSA87)
1030  {
1031  //Any TLS 1.3 cipher suite proposed by the client?
1032  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
1033  {
1034  hashAlgoId = TLS_HASH_ALGO_INTRINSIC;
1035  }
1036  }
1037  else
1038 #endif
1039  {
1040  //Unknown signature algorithm
1041  }
1042 
1043  //Check TLS version
1044  if(context->version <= TLS_VERSION_1_2)
1045  {
1046  //Check current state
1047  if(context->state == TLS_STATE_CERTIFICATE_REQUEST ||
1048  context->state == TLS_STATE_CLIENT_CERTIFICATE_VERIFY)
1049  {
1050  //Get the hash algorithm that matches the specified identifier
1051  hashAlgo = tlsGetHashAlgo(hashAlgoId);
1052 
1053  //Check whether the hash algorithm is supported
1054  if(hashAlgo != NULL)
1055  {
1056  //In TLS versions prior to 1.3, the client implementation can only
1057  //generate a CertificateVerify using SHA-1 or the hash used by
1058  //the PRF. Supporting all hash algorithms would require the client
1059  //to maintain hashes for every possible signature algorithm that
1060  //the server may request...
1061  if(hashAlgoId != TLS_HASH_ALGO_SHA1 &&
1062  hashAlgo != context->cipherSuite.prfHashAlgo)
1063  {
1064  hashAlgoId = TLS_HASH_ALGO_NONE;
1065  }
1066  }
1067  else
1068  {
1069  hashAlgoId = TLS_HASH_ALGO_NONE;
1070  }
1071  }
1072  }
1073 
1074  //Restrict the use of certain signature algorithms
1075  if(context->numSupportedSignAlgos > 0)
1076  {
1077  //Loop through the list of allowed signature algorithms
1078  for(i = 0; i < context->numSupportedSignAlgos; i++)
1079  {
1080  //Compare signature schemes
1081  if(context->supportedSignAlgos[i] == signScheme)
1082  break;
1083  }
1084 
1085  //Check whether the use of the signature algorithm is restricted
1086  if(i >= context->numSupportedSignAlgos)
1087  {
1088  hashAlgoId = TLS_HASH_ALGO_NONE;
1089  }
1090  }
1091 
1092  //Return TRUE is the signature algorithm is supported
1093  return (hashAlgoId != TLS_HASH_ALGO_NONE) ? TRUE : FALSE;
1094 #else
1095  //Not implemented
1096  return FALSE;
1097 #endif
1098 }
1099 
1100 
1101 /**
1102  * @brief Check whether a signature algorithm can be used for X.509
1103  * certificate validation
1104  * @param[in] signScheme Signature scheme
1105  * @return TRUE if the signature algorithm is supported, else FALSE
1106  **/
1107 
1109 {
1110  bool_t acceptable;
1111 
1112  //Check signature scheme
1113  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_RSA)
1114  {
1115  //Check whether RSA signature algorithm is supported
1117  {
1118  //Check hash algorithm
1119  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_MD5)
1120  {
1121  //RSASSA-PKCS1-v1_5 signature algorithm with MD5
1123  }
1124  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1)
1125  {
1126  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-1
1128  }
1129  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224)
1130  {
1131  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-224
1133  }
1134  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256)
1135  {
1136  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-256
1138  }
1139  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA384)
1140  {
1141  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-384
1143  }
1144  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA512)
1145  {
1146  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-512
1148  }
1149  else
1150  {
1151  //Unknown hash algorithm
1152  acceptable = FALSE;
1153  }
1154  }
1155  else
1156  {
1157  //RSASSA-PKCS1-v1_5 signature algorithm is not supported
1158  acceptable = FALSE;
1159  }
1160  }
1161  else if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_DSA)
1162  {
1163  //Check whether DSA signature algorithm is supported
1165  {
1166  //Check hash algorithm
1167  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1)
1168  {
1169  //DSA signature algorithm with SHA-1
1171  }
1172  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224)
1173  {
1174  //DSA signature algorithm with SHA-224
1176  }
1177  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256)
1178  {
1179  //DSA signature algorithm with SHA-256
1181  }
1182  else
1183  {
1184  //Unknown hash algorithm
1185  acceptable = FALSE;
1186  }
1187  }
1188  else
1189  {
1190  //DSA signature algorithm is not supported
1191  acceptable = FALSE;
1192  }
1193  }
1194  else if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_ECDSA)
1195  {
1196  //Check whether ECDSA signature algorithm is supported
1198  {
1199  //Check hash algorithm
1200  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1)
1201  {
1202  //ECDSA signature algorithm with SHA-1
1204  }
1205  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224)
1206  {
1207  //ECDSA signature algorithm with SHA-224
1209  }
1210  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256)
1211  {
1212  //ECDSA signature algorithm with SHA-256
1214  }
1215  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA384)
1216  {
1217  //ECDSA signature algorithm with SHA-384
1219  }
1220  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA512)
1221  {
1222  //ECDSA signature algorithm with SHA-512
1224  }
1225  else
1226  {
1227  //Unknown hash algorithm
1228  acceptable = FALSE;
1229  }
1230  }
1231  else
1232  {
1233  //ECDSA signature algorithm is not supported
1234  acceptable = FALSE;
1235  }
1236  }
1237  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256 ||
1238  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256)
1239  {
1240  //RSASSA-PSS signature algorithm with SHA-256
1243  }
1244  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384 ||
1245  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384)
1246  {
1247  //RSASSA-PSS signature algorithm with SHA-384
1250  }
1251  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512 ||
1252  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512)
1253  {
1254  //RSASSA-PSS signature algorithm with SHA-512
1257  }
1258 #if (EC_SUPPORT == ENABLED)
1259  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256)
1260  {
1261  //ECDSA signature algorithm with brainpoolP256 curve and SHA-256
1265  }
1266  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384)
1267  {
1268  //ECDSA signature algorithm with brainpoolP384 curve and SHA-384
1272  }
1273  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512)
1274  {
1275  //ECDSA signature algorithm with brainpoolP512 curve and SHA-512
1279  }
1280 #endif
1281  else if(signScheme == TLS_SIGN_SCHEME_SM2SIG_SM3)
1282  {
1283  //SM2 signature algorithm
1285  }
1286  else if(signScheme == TLS_SIGN_SCHEME_ED25519)
1287  {
1288  //Ed25519 signature algorithm (PureEdDSA mode)
1290  }
1291  else if(signScheme == TLS_SIGN_SCHEME_ED448)
1292  {
1293  //Ed448 signature algorithm (PureEdDSA mode)
1295  }
1296  else if(signScheme == TLS_SIGN_SCHEME_MLDSA44)
1297  {
1298  //ML-DSA-44 signature algorithm
1300  }
1301  else if(signScheme == TLS_SIGN_SCHEME_MLDSA65)
1302  {
1303  //ML-DSA-65 signature algorithm
1305  }
1306  else if(signScheme == TLS_SIGN_SCHEME_MLDSA87)
1307  {
1308  //ML-DSA-87 signature algorithm
1310  }
1311  else
1312  {
1313  //Unknown signature algorithm
1314  acceptable = FALSE;
1315  }
1316 
1317  //Return TRUE is the signature algorithm is supported
1318  return acceptable;
1319 }
1320 
1321 #endif
bool_t x509IsCurveSupported(const uint8_t *oid, size_t length)
Check whether a given elliptic curve is supported.
Definition: x509_common.c:410
#define htons(value)
Definition: cpu_endian.h:413
@ TLS_SIGN_ALGO_DSA
Definition: tls.h:1322
@ TLS_CIPHER_SUITE_TYPE_RSA
TLS helper functions.
@ TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256
Definition: tls.h:1355
int bool_t
Definition: compiler_port.h:63
TLS cipher suites.
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:210
const HashAlgo * tlsGetHashAlgo(TlsHashAlgo hashAlgoId)
Get the hash algorithm that matches the specified identifier.
Definition: tls_misc.c:1431
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
Definition: x509_common.c:306
@ X509_SIGN_ALGO_MLDSA65
Definition: x509_common.h:689
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256
Definition: tls.h:1345
bool_t tlsIsCertSignAlgoSupported(uint16_t signScheme)
Check whether a signature algorithm can be used for X.509 certificate validation.
@ TLS_CERT_MLDSA44_SIGN
Definition: tls.h:1290
@ ERROR_NOT_IMPLEMENTED
Definition: error.h:66
uint8_t p
Definition: ndp.h:300
@ TLS_SIGN_SCHEME_MLDSA44
Definition: tls.h:1368
#define TRUE
Definition: os_port.h:50
@ TLS_STATE_CERTIFICATE_REQUEST
Definition: tls.h:1597
@ TLS_GROUP_SECP256R1
Definition: tls.h:1516
TlsCertificateType type
End entity certificate type.
Definition: tls.h:2292
const uint8_t BRAINPOOLP512R1_OID[9]
Definition: ec_curves.c:100
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512
Definition: tls.h:1350
error_t tlsFormatSignAlgosExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SignatureAlgorithms extension.
bool_t tlsIsSignAlgoAcceptable(TlsContext *context, uint16_t signScheme, const TlsCertDesc *cert)
Check whether a signature algorithm is compatible with the specified end-entity certificate.
@ TLS_HASH_ALGO_SHA1
Definition: tls.h:1304
TlsHashAlgo
Hash algorithms.
Definition: tls.h:1301
@ ERROR_HANDSHAKE_FAILED
Definition: error.h:234
const uint8_t BRAINPOOLP384R1_OID[9]
Definition: ec_curves.c:96
@ TLS_CERT_DSS_SIGN
Definition: tls.h:1275
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512
Definition: tls.h:1347
@ TLS_SIGN_SCHEME_NONE
Definition: tls.h:1337
@ TLS_SIGN_SCHEME_ED25519
Definition: tls.h:1359
TlsExtension
Definition: tls.h:1741
@ ERROR_INVALID_VERSION
Definition: error.h:118
@ TLS_GROUP_BRAINPOOLP256R1
Definition: tls.h:1519
#define TLS_HASH_ALGO(signScheme)
Definition: tls_sign_misc.h:41
@ TLS_CIPHER_SUITE_TYPE_TLS13
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384
Definition: tls.h:1349
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384
Definition: tls.h:1346
@ TLS_HASH_ALGO_NONE
Definition: tls.h:1302
@ TLS_SIGN_SCHEME_MLDSA65
Definition: tls.h:1369
@ TLS_CIPHER_SUITE_TYPE_SM
@ X509_SIGN_ALGO_MLDSA44
Definition: x509_common.h:688
error_t tlsFormatSupportedSignAlgos(TlsContext *context, uint8_t *p, size_t *written)
Format the list of supported signature algorithms.
@ TLS_EXT_SIGNATURE_ALGORITHMS_CERT
Definition: tls.h:1435
@ TLS_HASH_ALGO_SHA224
Definition: tls.h:1305
@ TLS_SIGN_SCHEME_MLDSA87
Definition: tls.h:1370
@ TLS_CIPHER_SUITE_TYPE_ECDSA
@ TLS_HASH_ALGO_SHA512
Definition: tls.h:1308
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA1
Definition: tls.h:1338
#define FALSE
Definition: os_port.h:46
bool_t tlsIsSignAlgoSupported(TlsContext *context, uint16_t signScheme)
Check whether a signature algorithm can be used for digital signatures.
const uint16_t tlsSupportedSignAlgos[]
Definition: tls_sign_misc.c:45
#define TlsContext
Definition: tls.h:36
error_t
Error codes.
Definition: error.h:43
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256
Definition: tls.h:1348
@ TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512
Definition: tls.h:1354
@ TLS_CERT_ED25519_SIGN
Definition: tls.h:1288
@ TLS_CERT_MLDSA65_SIGN
Definition: tls.h:1291
#define TLS_VERSION_1_2
Definition: tls.h:97
@ TLS_HASH_ALGO_INTRINSIC
Definition: tls.h:1309
@ X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:684
#define TLS_VERSION_1_3
Definition: tls.h:98
@ TLS_HASH_ALGO_SHA384
Definition: tls.h:1307
@ TLS_CERT_RSA_PSS_SIGN
Definition: tls.h:1286
error_t tlsSelectSignAlgo(TlsContext *context, const TlsCertDesc *cert, const TlsSignSchemeList *signAlgoList)
Select the algorithm to be used when generating digital signatures.
Definition: tls_sign_misc.c:88
@ TLS_SIGN_SCHEME_ECDSA_SHA1
Definition: tls.h:1351
@ X509_HASH_ALGO_SHA1
Definition: x509_common.h:702
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA256
Definition: tls.h:1339
@ TLS_GROUP_SECP384R1
Definition: tls.h:1517
@ TLS_CERT_MLDSA87_SIGN
Definition: tls.h:1292
@ TLS_STATE_CLIENT_CERTIFICATE_VERIFY
Definition: tls.h:1601
@ TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512
Definition: tls.h:1357
TlsSignSchemeList
Definition: tls.h:1685
@ TLS_HASH_ALGO_SHA256
Definition: tls.h:1306
@ TLS_CERT_ED448_SIGN
Definition: tls.h:1289
@ TLS_CERT_RSA_SIGN
Definition: tls.h:1274
@ X509_HASH_ALGO_SHA224
Definition: x509_common.h:703
@ X509_SIGN_ALGO_MLDSA87
Definition: x509_common.h:690
@ TLS_GROUP_BRAINPOOLP512R1
Definition: tls.h:1521
@ TLS_CERT_SM2_SIGN
Definition: tls.h:1287
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:681
@ TLS_GROUP_SECP521R1
Definition: tls.h:1518
@ TLS_HASH_ALGO_MD5
Definition: tls.h:1303
Certificate descriptor.
Definition: tls.h:2286
#define ntohs(value)
Definition: cpu_endian.h:421
@ X509_HASH_ALGO_MD5
Definition: x509_common.h:701
#define TLS_VERSION_1_1
Definition: tls.h:96
bool_t tlsIsSignAlgoOffered(uint16_t signScheme, const TlsSignSchemeList *signSchemeList)
Check whether a signature algorithm is offered in the SignatureAlgorithms extension.
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:682
#define HTONS(value)
Definition: cpu_endian.h:410
uint8_t n
@ X509_HASH_ALGO_SHA512
Definition: x509_common.h:706
@ TLS_SIGN_SCHEME_SM2SIG_SM3
Definition: tls.h:1358
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA512
Definition: tls.h:1341
@ TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384
Definition: tls.h:1356
@ TLS_SIGN_SCHEME_ED448
Definition: tls.h:1360
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA384
Definition: tls.h:1340
@ TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384
Definition: tls.h:1353
Helper functions for signature generation and verification.
@ X509_HASH_ALGO_SHA384
Definition: x509_common.h:705
@ X509_HASH_ALGO_SHA256
Definition: x509_common.h:704
TLS (Transport Layer Security)
@ TLS_SIGN_ALGO_RSA
Definition: tls.h:1321
@ TLS_CERT_ECDSA_SIGN
Definition: tls.h:1281
@ TLS_EXT_SIGNATURE_ALGORITHMS
Definition: tls.h:1405
Common interface for hash algorithms.
Definition: crypto.h:1165
#define TLS_SIGN_ALGO(signScheme)
Definition: tls_sign_misc.h:38
@ TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256
Definition: tls.h:1352
error_t tlsFormatSignAlgosCertExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SignatureAlgorithmsCert extension.
@ X509_SIGN_ALGO_SM2
Definition: x509_common.h:685
TlsSignatureScheme
Signature schemes.
Definition: tls.h:1336
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:686
unsigned int uint_t
Definition: compiler_port.h:57
@ TLS_CIPHER_SUITE_TYPE_DSA
@ TLS_SIGN_ALGO_ECDSA
Definition: tls.h:1323
#define TLS_SIGN_SCHEME(signAlgo, hashAlgo)
Definition: tls.h:1022
TlsNamedGroup namedCurve
Named curve used to generate the EC public key.
Definition: tls.h:2294
@ NO_ERROR
Success.
Definition: error.h:44
Debugging facilities.
@ TLS_GROUP_BRAINPOOLP384R1
Definition: tls.h:1520
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:683
#define arraysize(a)
Definition: os_port.h:71
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:687
const uint8_t BRAINPOOLP256R1_OID[9]
Definition: ec_curves.c:88